What Is a Hash?

A hash function takes input data of any size and produces a fixed-size digest, often shown as hexadecimal text. The same input and algorithm always produce the same digest. Even a one-character change in the input usually produces a completely different digest.

Hashes are one-way

You can compute a hash from data, but you cannot reliably reverse a hash back into the original input. That is why hashes are used as fingerprints, not as a way to recover secrets.

Hashes are deterministic

If you hash the bytes Hello with SHA-256 twice, you get the same result both times. This property makes hashes useful for comparison:

• Does this downloaded file match the published checksum?
• Did this config change since yesterday?
• Are these two API payloads byte-identical?

Where developers see hashes

Common places include:

• Package manager lockfile integrity fields
• Git commit IDs (SHA-1 based, with Git-specific formatting)
• HTTP ETag headers and cache keys
• Password storage when combined with proper key stretching (never plain MD5 alone)
• Blockchain and certificate fingerprints (usually stronger algorithms)

Hashes detect change, not intent

A hash tells you whether two byte sequences match under a chosen algorithm. It does not tell you who created the data, whether the data is safe to run, or whether a third party tampered with it unless you already trust the reference hash source.